Merge pull request #33 from fido-node/fix-weekly-ci-action

Fix weekly ci action

.github/workflows/build.yaml

@@ -17,34 +17,69 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Git checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v4
+      - name: Guix cache
+        uses: actions/cache/restore@v3
+        with:
+          path: ~/.cache/guix
+          # use a key that (almost) never matches
+          key: guix-cache-${{ github.sha }}
+          restore-keys: |
+            guix-cache-
 
       - name: Install Guix
-        uses: PromyLOPh/guix-install-action@v1
+        uses: PromyLOPh/guix-install-action@v1.5
         with:
           channels: |
             (cons* (channel
-                    (name 'nonguix)
-                    (url "https://gitlab.com/nonguix/nonguix")
-                    ;; Enable signature verification:
-                    (introduction
-                     (make-channel-introduction
-                      "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
-                      (openpgp-fingerprint
-                        "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
+                     (name 'nonguix)
+                     (url "https://gitlab.com/nonguix/nonguix")
+                     (introduction
+                       (make-channel-introduction
+                         "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+                         (openpgp-fingerprint
+                           "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
                     %default-channels)
 
+      - name: Set up Nonguix Substitutes
+        run: |
+          # This is necessary to authorize the substitute server
+          wget https://substitutes.nonguix.org/signing-key.pub
+          mv signing-key.pub nonguix-signing-key.pub
+          sudo /var/guix/profiles/per-user/root/current-guix/bin/guix archive --authorize < nonguix-signing-key.pub
+
+      - name: Set daemon level Substitutes
+        run: |
+          SUBSTITUTE_URLS="https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org"
+          
+          sudo sed -i "s|--substitute-urls='https://bordeaux.guix.gnu.org https://ci.guix.gnu.org'|--substitute-urls='$SUBSTITUTE_URLS'|g" /etc/systemd/system/guix-daemon.service
+                
+          sudo systemctl daemon-reload
+          sudo systemctl restart guix-daemon.service    
+    
       - name: Build ISO
         run: |
+          
+          # Write out the channels file so it can be included
+          guix time-machine -C ./guix/base-channels.scm -- describe -f channels > ./guix/channels.scm
+          
+          # Build the image
+          image=$(guix time-machine -C ./guix/channels.scm -- system image -t iso9660 ./guix/installer.scm)
+
+          # Copy the image to the local folder with a better name
           export RELEASE_TAG=$(date +"%Y%m%d%H%M")
           echo "RELEASE_TAG=$RELEASE_TAG" >> $GITHUB_ENV
-          image=$(guix system image -t iso9660 installer.scm)
           cp $image ./guix-installer-$RELEASE_TAG.iso
+      - uses: actions/cache/save@v3
+        if: always()
+        with:
+          path: ~/.cache/guix
+          key: guix-cache-${{ github.sha }}
 
       - name: Prepare Release Notes
         run: |
           echo $'This installer image was prepared with the following channel configuration:\r\n\r\n```\r\n' > release-notes.md
-          guix describe -f channels >> release-notes.md
+          cat ./guix/channels.scm >> release-notes.md
           echo $'\r\n```' >> release-notes.md
 
       - name: Create Release

.gitignore

@@ -0,0 +1,2 @@
+*.iso
+./guix/channels.scm

README.md

@@ -1,21 +1,70 @@
 # System Crafters Guix Installer
 
-This repository runs automated CI builds to produce a [GNU
-Guix](https://guix.gnu.org) installation image using the **full Linux kernel**
-from the [Nonguix channel](https://gitlab.com/nonguix/nonguix).  If you are
-using a modern laptop or hardware that is incompatible with the Linux Libre
-kernel, this installer image is for you!
+This repository runs _automated CI builds_ to produce a
+[GNU Guix](https://guix.gnu.org) installation image using the
+**full Linux kernel** from the
+[Nonguix channel](https://gitlab.com/nonguix/nonguix). If you are using a
+modern laptop or hardware that is incompatible with the **Linux Libre kernel**,
+this installer image is for you!
 
-You can take a look at the [image configuration](installer.scm) and the [build
-workflow](.github/workflows/build.yaml) to be sure that we aren't adding
+You may take a look at the [image configuration](./guix/installer.scm) and the
+[build workflow](./.github/workflows/build.yaml) to be sure that we aren't adding
 anything malicious to these builds!
 
-A new ISO is produced at least once a week, sometimes more often if we're making
-improvements to the configuration.
+**A new `.iso` image is produced at least once a week, sometimes more often if
+we're making improvements to the configuration.**
 
-Special thanks to [@anntnzrb](https://github.com/anntnzrb) for providing the
-starting point for the CI configuration!
+## Table of Contents
+- [System Crafters Guix Installer](#system-crafters-guix-installer)
+  - [Instructions](#instructions)
+  - [Attributions](#attributions)
+  - [License](#license)
+
+## Instructions
+
+1. Download a recently built `.iso` from this repo's
+   [release page](https://github.com/SystemCrafters/guix-installer/releases)
+2. Flash the `.iso` file into a USB stick with at least `3Gb`.
+
+### Flashing the ISO
+
+As stated in _step #2_ at [Instructions](#instructions), you will need to flash
+the `.iso` file into a USB stick.
+
+**[*]nix**:
+
+You should only need the `dd` utility (_coreutils_):
+
+- `dd status=progress if=guix-installerYYYYMMDDHHMM.iso of=/dev/foo`
+  - where `guix-installerYYYYMMDDHHMM.iso` is the name of the downloaded `.iso`
+    image and `foo` the name of the targeted device to flash the image.
+
+For the sake of providing an example, here's the full command:
+
+```sh
+dd status=progress if=guix-installer-202106150234.iso of=/dev/sdb
+```
+
+> NOTE #1: You can list your devices with `lsblk`.
+
+> NOTE #2: If `dd` won't work, refer to the **Windows** section.
+
+**Windows**:
+
+- [balenaEtcher](https://www.balena.io/etcher) is a great **cross-platform**
+  _FOSS_ utility for flashing _GNU/Linux_ images.
+- If the above doesn't work, you might give [Rufus](https://rufus.ie/en_US/) a
+  look.
+
+## Attributions
+
+- [@anntnzrb](https://github.com/anntnzrb) for providing the starting point for
+  the _CI_ configuration.
+- [@daviwil](https://github.com/daviwil) for releasing the finished _CI_
+  configuration and getting everything up and running.
+- The [System Crafters](https://systemcrafters.cc)' community.
 
 ## License
 
-The code in this repository is licensed under the [GNU General Public License v3](LICENSE.txt).
+The code in this repository is licensed under the
+[GNU General Public License v3](./LICENSE.txt).

build-iso.sh

@@ -0,0 +1,37 @@
+#!/bin/sh
+
+# -----------------------------------------------------------------------------
+# Utilities
+# -----------------------------------------------------------------------------
+
+die() {
+    # **
+    # Prints a message to stderr & exits script with non-successful code "1"
+    # *
+
+    printf '%s\n' "$@" >&2
+    exit 1
+}
+
+# -----------------------------------------------------------------------------
+# Main
+# -----------------------------------------------------------------------------
+
+# Write out the channels file so it can be included
+guix time-machine -C './guix/base-channels.scm' -- \
+     describe -f channels > './guix/channels.scm'
+
+# Build the image
+printf 'Attempting to build the image...\n\n'
+image=$(guix time-machine -C './guix/channels.scm' --substitute-urls='https://ci.guix.gnu.org https://bordeaux.guix.gnu.org https://substitutes.nonguix.org' -- system image -t iso9660 './guix/installer.scm') \
+    || die 'Could not create image.'
+
+release_tag=$(date +"%Y%m%d%H%M")
+cp "${image}" "./guix-installer-${release_tag}.iso" ||
+    die 'An error occurred while copying.'
+
+printf 'Image was succesfully built: %s\n' "${image}"
+
+# cleanup
+unset -f die
+unset -v image release_tag

guix/base-channels.scm

@@ -0,0 +1,12 @@
+;; Reference :: https://gitlab.com/nonguix/nonguix
+
+(cons* (channel
+        (name 'nonguix)
+        (url "https://gitlab.com/nonguix/nonguix")
+        ;; Enable signature verification:
+        (introduction
+         (make-channel-introduction
+          "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+          (openpgp-fingerprint
+           "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
+       %default-channels)

guix/installer.scm

@@ -1,6 +1,8 @@
 ;;; Copyright © 2019 Alex Griffin <a@ajgrf.com>
 ;;; Copyright © 2019 Pierre Neidhardt <mail@ambrevar.xyz>
-;;; Copyright © 2019 David Wilson <david@daviwil.com>
+;;; Copyright © 2019,2024 David Wilson <david@daviwil.com>
+;;; Copyright © 2022 Jonathan Brielmaier <jonathan.brielmaier@web.de>
+;;; Copyright © 2024 Hilton Chain <hako@ultrarare.space>
 ;;;
 ;;; This program is free software: you can redistribute it and/or modify
 ;;; it under the terms of the GNU General Public License as published by
@@ -16,11 +18,11 @@
 ;;; along with this program.  If not, see <https://www.gnu.org/licenses/>.
 
 ;; Generate a bootable image (e.g. for USB sticks, etc.) with:
-;; $ guix system disk-image nongnu/system/install.scm
+;; $ guix system image -t iso9660 installer.scm
 
 (define-module (nongnu system install)
-  #:use-module (gnu system)
-  #:use-module (gnu system install)
+  #:use-module (guix)
+  #:use-module (guix channels)
   #:use-module (gnu packages version-control)
   #:use-module (gnu packages vim)
   #:use-module (gnu packages curl)
@@ -28,9 +30,33 @@
   #:use-module (gnu packages linux)
   #:use-module (gnu packages mtools)
   #:use-module (gnu packages package-management)
+  #:use-module (gnu services)
+  #:use-module (gnu services base)
+  #:use-module (gnu system)
+  #:use-module (gnu system install)
   #:use-module (nongnu packages linux)
   #:export (installation-os-nonfree))
 
+;; https://substitutes.nonguix.org/signing-key.pub
+(define %signing-key
+  (plain-file "nonguix.pub" "\
+(public-key
+ (ecc
+  (curve Ed25519)
+  (q #C1FD53E5D4CE971933EC50C9F307AE2171A2D3B52C804642A7A35F84F3A4EA98#)))"))
+
+(define %channels
+  (cons* (channel
+          (name 'nonguix)
+          (url "https://gitlab.com/nonguix/nonguix")
+          ;; Enable signature verification:
+          (introduction
+           (make-channel-introduction
+            "897c1a470da759236cc11798f4e0a5f7d4d59fbc"
+            (openpgp-fingerprint
+             "2A39 3FFF 68F4 EF7A 3D29  12AF 6F51 20A0 22FB B2D5"))))
+         %default-channels))
+
 (define installation-os-nonfree
   (operating-system
     (inherit installation-os)
@@ -42,6 +68,25 @@
     ;; wpa_supplicant when you try to connect to a wifi network.
     (kernel-arguments '("quiet" "modprobe.blacklist=radeon" "net.ifnames=0"))
 
+    (services
+     (cons*
+      ;; Include the channel file so that it can be used during installation
+      (simple-service 'channel-file etc-service-type
+                      (list `("channels.scm" ,(local-file "channels.scm"))))
+
+      (modify-services (operating-system-user-services installation-os)
+        (guix-service-type
+         config => (guix-configuration
+                    (inherit config)
+                    (guix (guix-for-channels %channels))
+                    (authorized-keys
+                     (cons* %signing-key
+                            %default-authorized-guix-keys))
+                    (substitute-urls
+                     `(,@%default-substitute-urls
+                       "https://substitutes.nonguix.org"))
+                    (channels %channels))))))
+
     ;; Add some extra packages useful for the installation process
     (packages
      (append (list git curl stow vim emacs-no-x-toolkit)